Bug 1190612 - (CVE-2020-21533) VUL-0: CVE-2020-21533: transfig: stack buffer overflow in the read_textobject function in read.c.
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium
Severity: Major
Assigned To: Security Team bot
https://smash.suse.de/issue/310322/
CVSSv3.1:SUSE:CVE-2020-21533:7.8:(AV:...
Blocks: CVE-2020-21535
Reported: 2021-09-17 14:00 UTC by Gianluca Gabrielli
Modified: 2021-11-18 14:20 UTC

Found By: Security Response Team
Description Gianluca Gabrielli 2021-09-17 14:00:36 UTC
fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject function
in read.c.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21533
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21533
https://sourceforge.net/p/mcj/tickets/59/
Comment 1 Dr. Werner Fink 2021-09-17 14:04:05 UTC
also gets fixed with transfig-3.2.8a
Comment 2 Gianluca Gabrielli 2021-09-17 14:09:53 UTC
This bug can be fixed by backporting 41b9bb [0], as for bsc#1190607.

[0] https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/
Comment 3 Dr. Werner Fink 2021-10-07 08:34:22 UTC
Now that QA seems to be done (see below), can we now check if this bug is still valid?

/suse/werner> osc ls openSUSE:Backports:SLE-15-SP3:Update transfig
_link
# -> openSUSE:Backports:SLE-15-SP3:Update transfig.16970 (latest)
6827c09d.patch
fig2dev-3.2.6-fig2mpdf-doc.patch
fig2dev-3.2.6-fig2mpdf.patch
fig2dev-3.2.6a-RGBFILE.patch
fig2dev-3.2.8a.tar.xz
transfig-3.2.8.dif
transfig-fix-afl.patch
transfig.changes
transfig.spec
/suse/werner> osc ls openSUSE:Backports:SLE-15-SP2:Update transfig
_link
# -> openSUSE:Backports:SLE-15-SP2:Update transfig.16971 (latest)
6827c09d.patch
fig2dev-3.2.6-fig2mpdf-doc.patch
fig2dev-3.2.6-fig2mpdf.patch
fig2dev-3.2.6a-RGBFILE.patch
fig2dev-3.2.8a.tar.xz
transfig-3.2.8.dif
transfig-fix-afl.patch
transfig.changes
transfig.spec
/suse/werner> isc ls SUSE:SLE-11:Update transfig
_link
# -> SUSE:SLE-11:Update transfig.20308 (latest)
6827c09d.patch
fig2dev-3.2.6-fig2mpdf-doc.patch
fig2dev-3.2.6-fig2mpdf.patch
fig2dev-3.2.6a-RGBFILE.patch
fig2dev-3.2.8a.tar.xz
transfig-3.2.8.dif
transfig-fix-afl.patch
transfig.changes
transfig.spec
Comment 4 Gianluca Gabrielli 2021-10-21 12:18:08 UTC
I don't see this CVE/BZ ID mentioned in the changes file, was that an overlook?
Comment 5 Dr. Werner Fink 2021-10-21 13:59:32 UTC
(In reply to Gianluca Gabrielli from comment #4)
> I don't see this CVE/BZ ID mentioned in the changes file, was that an
> overlook?

On SLE-11, SLE-12, and SLE-15 we are talking about 3.2.8a and IMHO with the submissions this bug was fixed before it was done ... the only problem was that the submissions had been stuck within the QA channels meanwhile
Comment 6 Gianluca Gabrielli 2021-10-26 07:10:54 UTC
The fix has been shipped with the version bump to all three codestreams. We are only missing the mention of this CVE / BZ ID in related changes files.
Can you please submit a request with the correct changes file? Thank you.
Comment 7 OBSbugzilla Bot 2021-10-26 14:40:18 UTC
This is an autogenerated message for OBS integration:
This bug (1190612) was mentioned in
https://build.opensuse.org/request/show/927524 Factory / transfig
Comment 10 Swamp Workflow Management 2021-10-29 19:23:14 UTC
SUSE-SU-2021:3584-1: An update that fixes 12 vulnerabilities is now available.

Category: security (important)
Bug References: 1189325,1189343,1189345,1189346,1190607,1190611,1190612,1190615,1190616,1190617,1190618,1192019
CVE References: CVE-2020-21529,CVE-2020-21530,CVE-2020-21531,CVE-2020-21532,CVE-2020-21533,CVE-2020-21534,CVE-2020-21535,CVE-2020-21680,CVE-2020-21681,CVE-2020-21682,CVE-2020-21683,CVE-2021-32280
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    transfig-3.2.8b-4.15.1
SUSE Linux Enterprise Workstation Extension 15-SP2 (src):    transfig-3.2.8b-4.15.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 11 Swamp Workflow Management 2021-10-29 19:25:27 UTC
openSUSE-SU-2021:3584-1: An update that fixes 12 vulnerabilities is now available.

Category: security (important)
Bug References: 1189325,1189343,1189345,1189346,1190607,1190611,1190612,1190615,1190616,1190617,1190618,1192019
CVE References: CVE-2020-21529,CVE-2020-21530,CVE-2020-21531,CVE-2020-21532,CVE-2020-21533,CVE-2020-21534,CVE-2020-21535,CVE-2020-21680,CVE-2020-21681,CVE-2020-21682,CVE-2020-21683,CVE-2021-32280
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    transfig-3.2.8b-4.15.1
Comment 12 Swamp Workflow Management 2021-10-29 19:32:23 UTC
SUSE-SU-2021:3585-1: An update that fixes 8 vulnerabilities is now available.

Category: security (important)
Bug References: 1190607,1190611,1190612,1190615,1190616,1190617,1190618,1192019
CVE References: CVE-2020-21529,CVE-2020-21530,CVE-2020-21531,CVE-2020-21532,CVE-2020-21533,CVE-2020-21534,CVE-2020-21535,CVE-2021-32280
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    transfig-3.2.8b-2.20.1
SUSE OpenStack Cloud Crowbar 8 (src):    transfig-3.2.8b-2.20.1
SUSE OpenStack Cloud 9 (src):    transfig-3.2.8b-2.20.1
SUSE OpenStack Cloud 8 (src):    transfig-3.2.8b-2.20.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    transfig-3.2.8b-2.20.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    transfig-3.2.8b-2.20.1
SUSE Linux Enterprise Server 12-SP5 (src):    transfig-3.2.8b-2.20.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    transfig-3.2.8b-2.20.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    transfig-3.2.8b-2.20.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    transfig-3.2.8b-2.20.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    transfig-3.2.8b-2.20.1
HPE Helion Openstack 8 (src):    transfig-3.2.8b-2.20.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 13 Swamp Workflow Management 2021-11-02 14:21:04 UTC
SUSE-SU-2021:14836-1: An update that fixes 8 vulnerabilities is now available.

Category: security (important)
Bug References: 1190607,1190611,1190612,1190615,1190616,1190617,1190618,1192019
CVE References: CVE-2020-21529,CVE-2020-21530,CVE-2020-21531,CVE-2020-21532,CVE-2020-21533,CVE-2020-21534,CVE-2020-21535,CVE-2021-32280
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    transfig-3.2.8b-160.16.2
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    transfig-3.2.8b-160.16.2
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    transfig-3.2.8b-160.16.2
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    transfig-3.2.8b-160.16.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 14 Swamp Workflow Management 2021-11-02 17:22:13 UTC
openSUSE-SU-2021:1439-1: An update that fixes 12 vulnerabilities is now available.

Category: security (important)
Bug References: 1189325,1189343,1189345,1189346,1190607,1190611,1190612,1190615,1190616,1190617,1190618,1192019
CVE References: CVE-2020-21529,CVE-2020-21530,CVE-2020-21531,CVE-2020-21532,CVE-2020-21533,CVE-2020-21534,CVE-2020-21535,CVE-2020-21680,CVE-2020-21681,CVE-2020-21682,CVE-2020-21683,CVE-2021-32280
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    transfig-3.2.8b-lp152.6.9.1
Comment 15 Swamp Workflow Management 2021-11-07 23:16:53 UTC
openSUSE-SU-2021:1458-1: An update that fixes 12 vulnerabilities is now available.

Category: security (important)
Bug References: 1189325,1189343,1189345,1189346,1190607,1190611,1190612,1190615,1190616,1190617,1190618,1192019
CVE References: CVE-2020-21529,CVE-2020-21530,CVE-2020-21531,CVE-2020-21532,CVE-2020-21533,CVE-2020-21534,CVE-2020-21535,CVE-2020-21680,CVE-2020-21681,CVE-2020-21682,CVE-2020-21683,CVE-2021-32280
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP2 (src):    transfig-3.2.8b-bp152.3.6.2
Comment 16 Swamp Workflow Management 2021-11-18 14:20:14 UTC
openSUSE-SU-2021:1481-1: An update that fixes 12 vulnerabilities is now available.

Category: security (important)
Bug References: 1189325,1189343,1189345,1189346,1190607,1190611,1190612,1190615,1190616,1190617,1190618,1192019
CVE References: CVE-2020-21529,CVE-2020-21530,CVE-2020-21531,CVE-2020-21532,CVE-2020-21533,CVE-2020-21534,CVE-2020-21535,CVE-2020-21680,CVE-2020-21681,CVE-2020-21682,CVE-2020-21683,CVE-2021-32280
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP3 (src):    transfig-3.2.8b-bp153.3.6.3